Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:0286-1

Опубликовано: 31 янв. 2024
Источник: suse-cvrf

Описание

Security update for slurm_22_05

This update for slurm_22_05 fixes the following issues:

Update to slurm 22.05.11:

Security fixes:

  • CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
  • CVE-2023-49936: Prevent NULL pointer dereference on size_valp overflow. (bsc#1218050)
  • CVE-2023-49937: Prevent double-xfree() on error in _unpack_node_reg_resp(). (bsc#1218051)
  • CVE-2023-49938: Prevent modified sbcast RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

  • Add missing service file for slurmrestd (bsc#1217711).
  • Fix slurm upgrading to incompatible versions (bsc#1216869).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libnss_slurm2_22_05-22.05.11-150200.5.9.1
libpmi0_22_05-22.05.11-150200.5.9.1
libslurm38-22.05.11-150200.5.9.1
perl-slurm_22_05-22.05.11-150200.5.9.1
slurm_22_05-22.05.11-150200.5.9.1
slurm_22_05-auth-none-22.05.11-150200.5.9.1
slurm_22_05-config-22.05.11-150200.5.9.1
slurm_22_05-config-man-22.05.11-150200.5.9.1
slurm_22_05-devel-22.05.11-150200.5.9.1
slurm_22_05-doc-22.05.11-150200.5.9.1
slurm_22_05-lua-22.05.11-150200.5.9.1
slurm_22_05-munge-22.05.11-150200.5.9.1
slurm_22_05-node-22.05.11-150200.5.9.1
slurm_22_05-pam_slurm-22.05.11-150200.5.9.1
slurm_22_05-plugins-22.05.11-150200.5.9.1
slurm_22_05-rest-22.05.11-150200.5.9.1
slurm_22_05-slurmdbd-22.05.11-150200.5.9.1
slurm_22_05-sql-22.05.11-150200.5.9.1
slurm_22_05-sview-22.05.11-150200.5.9.1
slurm_22_05-torque-22.05.11-150200.5.9.1
slurm_22_05-webdoc-22.05.11-150200.5.9.1

Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm38-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm_22_05-22.05.11-150200.5.9.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm38-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm_22_05-22.05.11-150200.5.9.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm38-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm_22_05-22.05.11-150200.5.9.1
Ссылки

Описание

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libnss_slurm2_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpmi0_22_05-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libslurm38-22.05.11-150200.5.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-slurm_22_05-22.05.11-150200.5.9.1
Ссылки
Уязвимость SUSE-SU-2024:0286-1